<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">

<title>class OpenSSL::PKey::PKey - openssl: Ruby Standard Library Documentation</title>


<script src="../../js/navigation.js" defer></script>
<script src="../../js/search.js" defer></script>
<script src="../../js/search_index.js" defer></script>
<script src="../../js/searcher.js" defer></script>
<script src="../../js/darkfish.js" defer></script>

<script src="../../js/jquery-3.2.0.min.js"></script>

<script src="../../js/vue.min.js"></script>
<script src="../../js/js.cookie.min.js"></script>

<link href="../../css/fonts.css" rel="stylesheet">
<link id='rdoccss' href="../../css/rdoc.css" rel="stylesheet">
<link href="../../css/carbon17.css" rel="stylesheet">

<script type="text/javascript">
  var rdoc_rel_prefix = "../../";
  var index_rel_prefix = "../../";
  var darkModeCsseHref = "../../css/rdoc-dm.css"
  var defaultModeCssHref = "../../css/rdoc.css"
  // var cssDarkmode = Cookies.get('darkmode');
  
  if( Cookies.get("darkmode") == "true") {
	$('#rdoccss').attr("href", darkModeCsseHref);
}

//  https://cssdeck.com/blog/simple-jquery-stylesheet-switcher/

document.write('<style type="text/css">body{display:none}</style>');

</script>


</head>
<body id="top" role="document" class="class">
  <!-- this is class.html -->

  <div id='actionbar' >
    <div class='wrapper mdiv'>
      <ul class='grids g0'></ul>
    </div> 
    <!-- VERSION HEADER for 3.3.0.preview2 NOT FOUND -->
  </div> <!-- end action bar -->

  <div class='wrapper hdiv'>

    


    <nav id='vapp' role="navigation">
    <div id="project-navigation">
      <div id="home-section" role="region" title="Quick navigation" class="nav-section">
  <h2><a href="../../index.html" rel="home">Home</a></h2>

  <div id="table-of-contents-navigation"  >
    <a href="../../table_of_contents.html#pages">Pages</a>
    <a href="../../table_of_contents.html#classes">Classes</a>
    <a href="../../table_of_contents.html#methods">Methods</a>
  </div>
</div>

      <div id="search-section" role="search" class="project-section initially-hidden">
  <form action="#" method="get" accept-charset="utf-8">
    <div id="search-field-wrapper">
      <input id="search-field" role="combobox" aria-label="Search"
             aria-autocomplete="list" aria-controls="search-results"
             type="text" name="search" placeholder="Search" spellcheck="false"
             title="Type to search, Up and Down to navigate, Enter to load">
    </div>

    <ul id="search-results" aria-label="Search Results"
        aria-busy="false" aria-expanded="false"
        aria-atomic="false" class="initially-hidden"></ul>
  </form>
</div>

    </div>


    

    <button id='toggleThing' @click="toggleNav()" >Show/hide navigation</button>
    <div :class="isOpen ? 'block' : 'hidden' " id='toggleMe'>
      <div id="class-metadata">
        
        
<div id="parent-class-section" class="nav-section">
  <h3>Parent</h3>

  <p class="link">Object
</div>

        
        
        
<!-- Method Quickref -->
<div id="method-list-section" class="nav-section">
  <h3>Methods</h3>

  <ul class="link-list" role="directory">
    <li ><a href="#method-c-new">::new</a>
    <li ><a href="#method-i-compare-3F">#compare?</a>
    <li ><a href="#method-i-decrypt">#decrypt</a>
    <li ><a href="#method-i-derive">#derive</a>
    <li ><a href="#method-i-encrypt">#encrypt</a>
    <li ><a href="#method-i-initialize_copy">#initialize_copy</a>
    <li ><a href="#method-i-inspect">#inspect</a>
    <li ><a href="#method-i-oid">#oid</a>
    <li ><a href="#method-i-private_to_der">#private_to_der</a>
    <li ><a href="#method-i-private_to_pem">#private_to_pem</a>
    <li ><a href="#method-i-public_to_der">#public_to_der</a>
    <li ><a href="#method-i-public_to_pem">#public_to_pem</a>
    <li ><a href="#method-i-raw_private_key">#raw_private_key</a>
    <li ><a href="#method-i-raw_public_key">#raw_public_key</a>
    <li ><a href="#method-i-sign">#sign</a>
    <li ><a href="#method-i-sign_raw">#sign_raw</a>
    <li ><a href="#method-i-to_text">#to_text</a>
    <li ><a href="#method-i-verify">#verify</a>
    <li ><a href="#method-i-verify_raw">#verify_raw</a>
    <li ><a href="#method-i-verify_recover">#verify_recover</a>
  </ul>
</div>

      </div>
     </div>
    </nav>


    <div id='extraz'><div class='adzbox-index'  >
      
     </div>         
    </div>

    <main role="main" aria-labelledby="class-OpenSSL::PKey::PKey">
    <h1 id="class-OpenSSL::PKey::PKey" class="class">
      class OpenSSL::PKey::PKey
    </h1>

    <section class="description">
    
<p>An abstract class that bundles signature creation (<a href="PKey.html#method-i-sign"><code>PKey#sign</code></a>) and validation (<a href="PKey.html#method-i-verify"><code>PKey#verify</code></a>) that is common to all implementations except <a href="DH.html"><code>OpenSSL::PKey::DH</code></a></p>
<ul><li>
<p><a href="RSA.html"><code>OpenSSL::PKey::RSA</code></a></p>
</li><li>
<p><a href="DSA.html"><code>OpenSSL::PKey::DSA</code></a></p>
</li><li>
<p><a href="EC.html"><code>OpenSSL::PKey::EC</code></a></p>
</li></ul>

    </section>

      <section id="5Buntitled-5D" class="documentation-section">





                <section id="public-class-5Buntitled-5D-method-details" class="method-section">
                <header>
                <h3>Public Class Methods</h3>
                </header>

                  <div id="method-c-new" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          new &rarr; self
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Because <a href="PKey.html"><code>PKey</code></a> is an abstract class, actually calling this method explicitly will raise a NotImplementedError.</p>

                              <div class="method-source-code" id="new-source">
            <pre>static VALUE
ossl_pkey_initialize(VALUE self)
{
    if (rb_obj_is_instance_of(self, cPKey)) {
        ossl_raise(rb_eTypeError, &quot;OpenSSL::PKey::PKey can&#39;t be instantiated directly&quot;);
    }
    return self;
}</pre>
                              </div>
                            </div>


                          </div>

                          </section>

                <section id="public-instance-5Buntitled-5D-method-details" class="method-section">
                <header>
                <h3>Public Instance Methods</h3>
                </header>

                  <div id="method-i-compare-3F" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          compare?(another_pkey) &rarr; true | false
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Used primarily to check if an <a href="../X509/Certificate.html#method-i-public_key"><code>OpenSSL::X509::Certificate#public_key</code></a> compares to its private key.</p>

<h2 id="method-i-compare-3F-label-Example">Example<span><a href="#method-i-compare-3F-label-Example">&para;</a> <a href="#top">&uarr;</a></span></h2>

<pre class="ruby"><span class="ruby-identifier">x509</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Certificate</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">pem_encoded_certificate</span>)
<span class="ruby-identifier">rsa_key</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">pem_encoded_private_key</span>)

<span class="ruby-identifier">rsa_key</span>.<span class="ruby-identifier">compare?</span>(<span class="ruby-identifier">x509</span>.<span class="ruby-identifier">public_key</span>) <span class="ruby-operator">=&gt;</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">|</span> <span class="ruby-keyword">false</span>
</pre>

                              <div class="method-source-code" id="compare-3F-source">
            <pre>static VALUE
ossl_pkey_compare(VALUE self, VALUE other)
{
    int ret;
    EVP_PKEY *selfPKey;
    EVP_PKEY *otherPKey;

    GetPKey(self, selfPKey);
    GetPKey(other, otherPKey);

    /* Explicitly check the key type given EVP_PKEY_ASN1_METHOD(3)
     * docs param_cmp could return any negative number.
     */
    if (EVP_PKEY_id(selfPKey) != EVP_PKEY_id(otherPKey))
        ossl_raise(rb_eTypeError, &quot;cannot match different PKey types&quot;);

    ret = EVP_PKEY_eq(selfPKey, otherPKey);

    if (ret == 0)
        return Qfalse;
    else if (ret == 1)
        return Qtrue;
    else
        ossl_raise(ePKeyError, &quot;EVP_PKEY_eq&quot;);
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-decrypt" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          decrypt(data [, options]) &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Performs a public key decryption operation using <code>pkey</code>.</p>

<p>See <a href="PKey.html#method-i-encrypt"><code>encrypt</code></a> for a description of the parameters and an example.</p>

<p>Added in version 3.0. See also the man page EVP_PKEY_decrypt(3).</p>

                              <div class="method-source-code" id="decrypt-source">
            <pre>static VALUE
ossl_pkey_decrypt(int argc, VALUE *argv, VALUE self)
{
    EVP_PKEY *pkey;
    EVP_PKEY_CTX *ctx;
    VALUE data, options, str;
    size_t outlen;
    int state;

    GetPKey(self, pkey);
    rb_scan_args(argc, argv, &quot;11&quot;, &amp;data, &amp;options);
    StringValue(data);

    ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
    if (!ctx)
        ossl_raise(ePKeyError, &quot;EVP_PKEY_CTX_new&quot;);
    if (EVP_PKEY_decrypt_init(ctx) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_decrypt_init&quot;);
    }
    if (!NIL_P(options)) {
        pkey_ctx_apply_options(ctx, options, &amp;state);
        if (state) {
            EVP_PKEY_CTX_free(ctx);
            rb_jump_tag(state);
        }
    }
    if (EVP_PKEY_decrypt(ctx, NULL, &amp;outlen,
                         (unsigned char *)RSTRING_PTR(data),
                         RSTRING_LEN(data)) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_decrypt&quot;);
    }
    if (outlen &gt; LONG_MAX) {
        EVP_PKEY_CTX_free(ctx);
        rb_raise(ePKeyError, &quot;decrypted data would be too large&quot;);
    }
    str = ossl_str_new(NULL, (long)outlen, &amp;state);
    if (state) {
        EVP_PKEY_CTX_free(ctx);
        rb_jump_tag(state);
    }
    if (EVP_PKEY_decrypt(ctx, (unsigned char *)RSTRING_PTR(str), &amp;outlen,
                         (unsigned char *)RSTRING_PTR(data),
                         RSTRING_LEN(data)) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_decrypt&quot;);
    }
    EVP_PKEY_CTX_free(ctx);
    rb_str_set_len(str, outlen);
    return str;
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-derive" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          derive(peer_pkey) &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Derives a shared secret from <em>pkey</em> and <em>peer_pkey</em>. <em>pkey</em> must contain the private components, <em>peer_pkey</em> must contain the public components.</p>

                              <div class="method-source-code" id="derive-source">
            <pre>static VALUE
ossl_pkey_derive(int argc, VALUE *argv, VALUE self)
{
    EVP_PKEY *pkey, *peer_pkey;
    EVP_PKEY_CTX *ctx;
    VALUE peer_pkey_obj, str;
    size_t keylen;
    int state;

    GetPKey(self, pkey);
    rb_scan_args(argc, argv, &quot;1&quot;, &amp;peer_pkey_obj);
    GetPKey(peer_pkey_obj, peer_pkey);

    ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
    if (!ctx)
        ossl_raise(ePKeyError, &quot;EVP_PKEY_CTX_new&quot;);
    if (EVP_PKEY_derive_init(ctx) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_derive_init&quot;);
    }
    if (EVP_PKEY_derive_set_peer(ctx, peer_pkey) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_derive_set_peer&quot;);
    }
    if (EVP_PKEY_derive(ctx, NULL, &amp;keylen) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_derive&quot;);
    }
    if (keylen &gt; LONG_MAX)
        rb_raise(ePKeyError, &quot;derived key would be too large&quot;);
    str = ossl_str_new(NULL, (long)keylen, &amp;state);
    if (state) {
        EVP_PKEY_CTX_free(ctx);
        rb_jump_tag(state);
    }
    if (EVP_PKEY_derive(ctx, (unsigned char *)RSTRING_PTR(str), &amp;keylen) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_derive&quot;);
    }
    EVP_PKEY_CTX_free(ctx);
    rb_str_set_len(str, keylen);
    return str;
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-encrypt" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          encrypt(data [, options]) &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Performs a public key encryption operation using <code>pkey</code>.</p>

<p>See <a href="PKey.html#method-i-decrypt"><code>decrypt</code></a> for the reverse operation.</p>

<p>Added in version 3.0. See also the man page EVP_PKEY_encrypt(3).</p>
<dl class="rdoc-list note-list"><dt><code>data</code>
<dd>
<p>A String to be encrypted.</p>
</dd><dt><code>options</code>
<dd>
<p>A Hash that contains algorithm specific control operations to OpenSSL. See OpenSSL’s man page EVP_PKEY_CTX_ctrl_str(3) for details.</p>
</dd></dl>

<p>Example:</p>

<pre class="ruby"><span class="ruby-identifier">pkey</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-string">&quot;RSA&quot;</span>, <span class="ruby-value">rsa_keygen_bits:</span> <span class="ruby-value">2048</span>)
<span class="ruby-identifier">data</span> = <span class="ruby-string">&quot;secret data&quot;</span>
<span class="ruby-identifier">encrypted</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">encrypt</span>(<span class="ruby-identifier">data</span>, <span class="ruby-value">rsa_padding_mode:</span> <span class="ruby-string">&quot;oaep&quot;</span>)
<span class="ruby-identifier">decrypted</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">decrypt</span>(<span class="ruby-identifier">data</span>, <span class="ruby-value">rsa_padding_mode:</span> <span class="ruby-string">&quot;oaep&quot;</span>)
<span class="ruby-identifier">p</span> <span class="ruby-identifier">decrypted</span> <span class="ruby-comment">#=&gt; &quot;secret data&quot;</span>
</pre>

                              <div class="method-source-code" id="encrypt-source">
            <pre>static VALUE
ossl_pkey_encrypt(int argc, VALUE *argv, VALUE self)
{
    EVP_PKEY *pkey;
    EVP_PKEY_CTX *ctx;
    VALUE data, options, str;
    size_t outlen;
    int state;

    GetPKey(self, pkey);
    rb_scan_args(argc, argv, &quot;11&quot;, &amp;data, &amp;options);
    StringValue(data);

    ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
    if (!ctx)
        ossl_raise(ePKeyError, &quot;EVP_PKEY_CTX_new&quot;);
    if (EVP_PKEY_encrypt_init(ctx) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_encrypt_init&quot;);
    }
    if (!NIL_P(options)) {
        pkey_ctx_apply_options(ctx, options, &amp;state);
        if (state) {
            EVP_PKEY_CTX_free(ctx);
            rb_jump_tag(state);
        }
    }
    if (EVP_PKEY_encrypt(ctx, NULL, &amp;outlen,
                         (unsigned char *)RSTRING_PTR(data),
                         RSTRING_LEN(data)) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_encrypt&quot;);
    }
    if (outlen &gt; LONG_MAX) {
        EVP_PKEY_CTX_free(ctx);
        rb_raise(ePKeyError, &quot;encrypted data would be too large&quot;);
    }
    str = ossl_str_new(NULL, (long)outlen, &amp;state);
    if (state) {
        EVP_PKEY_CTX_free(ctx);
        rb_jump_tag(state);
    }
    if (EVP_PKEY_encrypt(ctx, (unsigned char *)RSTRING_PTR(str), &amp;outlen,
                         (unsigned char *)RSTRING_PTR(data),
                         RSTRING_LEN(data)) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_encrypt&quot;);
    }
    EVP_PKEY_CTX_free(ctx);
    rb_str_set_len(str, outlen);
    return str;
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-initialize_copy" class="method-detail ">
                            <div class="method-heading">
                              <span class="method-name">initialize_copy</span><span
                                class="method-args">(p1)</span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              

                              <div class="method-source-code" id="initialize_copy-source">
            <pre>static VALUE
ossl_pkey_initialize_copy(VALUE self, VALUE other)
{
    EVP_PKEY *pkey, *pkey_other;

    TypedData_Get_Struct(self, EVP_PKEY, &amp;ossl_evp_pkey_type, pkey);
    TypedData_Get_Struct(other, EVP_PKEY, &amp;ossl_evp_pkey_type, pkey_other);
    if (pkey)
        rb_raise(rb_eTypeError, &quot;pkey already initialized&quot;);
    if (pkey_other) {
        pkey = EVP_PKEY_dup(pkey_other);
        if (!pkey)
            ossl_raise(ePKeyError, &quot;EVP_PKEY_dup&quot;);
        RTYPEDDATA_DATA(self) = pkey;
    }
    return self;
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-inspect" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          inspect &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Returns a string describing the <a href="PKey.html"><code>PKey</code></a> object.</p>

                              <div class="method-source-code" id="inspect-source">
            <pre>static VALUE
ossl_pkey_inspect(VALUE self)
{
    EVP_PKEY *pkey;
    int nid;

    GetPKey(self, pkey);
    nid = EVP_PKEY_id(pkey);
    return rb_sprintf(&quot;#&lt;%&quot;PRIsVALUE&quot;:%p oid=%s&gt;&quot;,
                      rb_class_name(CLASS_OF(self)), (void *)self,
                      OBJ_nid2sn(nid));
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-oid" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          oid &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Returns the short name of the OID associated with <em>pkey</em>.</p>

                              <div class="method-source-code" id="oid-source">
            <pre>static VALUE
ossl_pkey_oid(VALUE self)
{
    EVP_PKEY *pkey;
    int nid;

    GetPKey(self, pkey);
    nid = EVP_PKEY_id(pkey);
    return rb_str_new_cstr(OBJ_nid2sn(nid));
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-private_to_der" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          private_to_der                   &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>
                      <div class="method-heading">
                        <span class="method-callseq">
                          private_to_der(cipher, password) &rarr; string
                              </span>
                            </div>

                            <div class="method-description">
                              <p>Serializes the private key to DER-encoded PKCS #8 format. If called without arguments, unencrypted PKCS #8 PrivateKeyInfo format is used. If called with a cipher name and a password, PKCS #8 EncryptedPrivateKeyInfo format with PBES2 encryption scheme is used.</p>

                              <div class="method-source-code" id="private_to_der-source">
            <pre>static VALUE
ossl_pkey_private_to_der(int argc, VALUE *argv, VALUE self)
{
    return do_pkcs8_export(argc, argv, self, 1);
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-private_to_pem" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          private_to_pem                   &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>
                      <div class="method-heading">
                        <span class="method-callseq">
                          private_to_pem(cipher, password) &rarr; string
                              </span>
                            </div>

                            <div class="method-description">
                              <p>Serializes the private key to PEM-encoded PKCS #8 format. See <a href="PKey.html#method-i-private_to_der"><code>private_to_der</code></a> for more details.</p>

<p>An unencrypted PEM-encoded key will look like:</p>

<pre>-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY-----</pre>

<p>An encrypted PEM-encoded key will look like:</p>

<pre>-----BEGIN ENCRYPTED PRIVATE KEY-----
[...]
-----END ENCRYPTED PRIVATE KEY-----</pre>

                              <div class="method-source-code" id="private_to_pem-source">
            <pre>static VALUE
ossl_pkey_private_to_pem(int argc, VALUE *argv, VALUE self)
{
    return do_pkcs8_export(argc, argv, self, 0);
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-public_to_der" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          public_to_der &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Serializes the public key to DER-encoded X.509 SubjectPublicKeyInfo format.</p>

                              <div class="method-source-code" id="public_to_der-source">
            <pre>static VALUE
ossl_pkey_public_to_der(VALUE self)
{
    return ossl_pkey_export_spki(self, 1);
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-public_to_pem" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          public_to_pem &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Serializes the public key to PEM-encoded X.509 SubjectPublicKeyInfo format.</p>

<p>A PEM-encoded key will look like:</p>

<pre>-----BEGIN PUBLIC KEY-----
[...]
-----END PUBLIC KEY-----</pre>

                              <div class="method-source-code" id="public_to_pem-source">
            <pre>static VALUE
ossl_pkey_public_to_pem(VALUE self)
{
    return ossl_pkey_export_spki(self, 0);
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-raw_private_key" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          raw_private_key   &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>See the <a href="../../OpenSSL.html"><code>OpenSSL</code></a> documentation for EVP_PKEY_get_raw_private_key()</p>

                              <div class="method-source-code" id="raw_private_key-source">
            <pre>static VALUE
ossl_pkey_raw_private_key(VALUE self)
{
    EVP_PKEY *pkey;
    VALUE str;
    size_t len;

    GetPKey(self, pkey);
    if (EVP_PKEY_get_raw_private_key(pkey, NULL, &amp;len) != 1)
        ossl_raise(ePKeyError, &quot;EVP_PKEY_get_raw_private_key&quot;);
    str = rb_str_new(NULL, len);

    if (EVP_PKEY_get_raw_private_key(pkey, (unsigned char *)RSTRING_PTR(str), &amp;len) != 1)
        ossl_raise(ePKeyError, &quot;EVP_PKEY_get_raw_private_key&quot;);

    rb_str_set_len(str, len);

    return str;
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-raw_public_key" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          raw_public_key   &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>See the <a href="../../OpenSSL.html"><code>OpenSSL</code></a> documentation for EVP_PKEY_get_raw_public_key()</p>

                              <div class="method-source-code" id="raw_public_key-source">
            <pre>static VALUE
ossl_pkey_raw_public_key(VALUE self)
{
    EVP_PKEY *pkey;
    VALUE str;
    size_t len;

    GetPKey(self, pkey);
    if (EVP_PKEY_get_raw_public_key(pkey, NULL, &amp;len) != 1)
        ossl_raise(ePKeyError, &quot;EVP_PKEY_get_raw_public_key&quot;);
    str = rb_str_new(NULL, len);

    if (EVP_PKEY_get_raw_public_key(pkey, (unsigned char *)RSTRING_PTR(str), &amp;len) != 1)
        ossl_raise(ePKeyError, &quot;EVP_PKEY_get_raw_public_key&quot;);

    rb_str_set_len(str, len);

    return str;
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-sign" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          sign(digest, data [, options]) &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Hashes and signs the <code>data</code> using a message digest algorithm <code>digest</code> and a private key <code>pkey</code>.</p>

<p>See <a href="PKey.html#method-i-verify"><code>verify</code></a> for the verification operation.</p>

<p>See also the man page EVP_DigestSign(3).</p>
<dl class="rdoc-list note-list"><dt><code>digest</code>
<dd>
<p>A String that represents the message digest algorithm name, or <code>nil</code> if the <a href="PKey.html"><code>PKey</code></a> type requires no digest algorithm. For backwards compatibility, this can be an instance of <a href="../Digest.html"><code>OpenSSL::Digest</code></a>. Its state will not affect the signature.</p>
</dd><dt><code>data</code>
<dd>
<p>A String. The data to be hashed and signed.</p>
</dd><dt><code>options</code>
<dd>
<p>A Hash that contains algorithm specific control operations to OpenSSL. See OpenSSL’s man page EVP_PKEY_CTX_ctrl_str(3) for details. <code>options</code> parameter was added in version 3.0.</p>
</dd></dl>

<p>Example:</p>

<pre class="ruby"><span class="ruby-identifier">data</span> = <span class="ruby-string">&quot;Sign me!&quot;</span>
<span class="ruby-identifier">pkey</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-string">&quot;RSA&quot;</span>, <span class="ruby-value">rsa_keygen_bits:</span> <span class="ruby-value">2048</span>)
<span class="ruby-identifier">signopts</span> = { <span class="ruby-value">rsa_padding_mode:</span> <span class="ruby-string">&quot;pss&quot;</span> }
<span class="ruby-identifier">signature</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">sign</span>(<span class="ruby-string">&quot;SHA256&quot;</span>, <span class="ruby-identifier">data</span>, <span class="ruby-identifier">signopts</span>)

<span class="ruby-comment"># Creates a copy of the RSA key pkey, but without the private components</span>
<span class="ruby-identifier">pub_key</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">public_key</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">pub_key</span>.<span class="ruby-identifier">verify</span>(<span class="ruby-string">&quot;SHA256&quot;</span>, <span class="ruby-identifier">signature</span>, <span class="ruby-identifier">data</span>, <span class="ruby-identifier">signopts</span>) <span class="ruby-comment"># =&gt; true</span>
</pre>

                              <div class="method-source-code" id="sign-source">
            <pre>static VALUE
ossl_pkey_sign(int argc, VALUE *argv, VALUE self)
{
    EVP_PKEY *pkey;
    VALUE digest, data, options, sig;
    const EVP_MD *md = NULL;
    EVP_MD_CTX *ctx;
    EVP_PKEY_CTX *pctx;
    size_t siglen;
    int state;

    pkey = GetPrivPKeyPtr(self);
    rb_scan_args(argc, argv, &quot;21&quot;, &amp;digest, &amp;data, &amp;options);
    if (!NIL_P(digest))
        md = ossl_evp_get_digestbyname(digest);
    StringValue(data);

    ctx = EVP_MD_CTX_new();
    if (!ctx)
        ossl_raise(ePKeyError, &quot;EVP_MD_CTX_new&quot;);
    if (EVP_DigestSignInit(ctx, &amp;pctx, md, /* engine */NULL, pkey) &lt; 1) {
        EVP_MD_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_DigestSignInit&quot;);
    }
    if (!NIL_P(options)) {
        pkey_ctx_apply_options(pctx, options, &amp;state);
        if (state) {
            EVP_MD_CTX_free(ctx);
            rb_jump_tag(state);
        }
    }
#if OSSL_OPENSSL_PREREQ(1, 1, 1) || OSSL_LIBRESSL_PREREQ(3, 4, 0)
    if (EVP_DigestSign(ctx, NULL, &amp;siglen, (unsigned char *)RSTRING_PTR(data),
                       RSTRING_LEN(data)) &lt; 1) {
        EVP_MD_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_DigestSign&quot;);
    }
    if (siglen &gt; LONG_MAX) {
        EVP_MD_CTX_free(ctx);
        rb_raise(ePKeyError, &quot;signature would be too large&quot;);
    }
    sig = ossl_str_new(NULL, (long)siglen, &amp;state);
    if (state) {
        EVP_MD_CTX_free(ctx);
        rb_jump_tag(state);
    }
    if (EVP_DigestSign(ctx, (unsigned char *)RSTRING_PTR(sig), &amp;siglen,
                       (unsigned char *)RSTRING_PTR(data),
                       RSTRING_LEN(data)) &lt; 1) {
        EVP_MD_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_DigestSign&quot;);
    }
#else
    if (EVP_DigestSignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)) &lt; 1) {
        EVP_MD_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_DigestSignUpdate&quot;);
    }
    if (EVP_DigestSignFinal(ctx, NULL, &amp;siglen) &lt; 1) {
        EVP_MD_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_DigestSignFinal&quot;);
    }
    if (siglen &gt; LONG_MAX) {
        EVP_MD_CTX_free(ctx);
        rb_raise(ePKeyError, &quot;signature would be too large&quot;);
    }
    sig = ossl_str_new(NULL, (long)siglen, &amp;state);
    if (state) {
        EVP_MD_CTX_free(ctx);
        rb_jump_tag(state);
    }
    if (EVP_DigestSignFinal(ctx, (unsigned char *)RSTRING_PTR(sig),
                            &amp;siglen) &lt; 1) {
        EVP_MD_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_DigestSignFinal&quot;);
    }
#endif
    EVP_MD_CTX_free(ctx);
    rb_str_set_len(sig, siglen);
    return sig;
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-sign_raw" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          sign_raw(digest, data [, options]) &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Signs <code>data</code> using a private key <code>pkey</code>. Unlike <a href="PKey.html#method-i-sign"><code>sign</code></a>, <code>data</code> will not be hashed by <code>digest</code> automatically.</p>

<p>See <a href="PKey.html#method-i-verify_raw"><code>verify_raw</code></a> for the verification operation.</p>

<p>Added in version 3.0. See also the man page EVP_PKEY_sign(3).</p>
<dl class="rdoc-list note-list"><dt><code>digest</code>
<dd>
<p>A String that represents the message digest algorithm name, or <code>nil</code> if the <a href="PKey.html"><code>PKey</code></a> type requires no digest algorithm. Although this method will not hash <code>data</code> with it, this parameter may still be required depending on the signature algorithm.</p>
</dd><dt><code>data</code>
<dd>
<p>A String. The data to be signed.</p>
</dd><dt><code>options</code>
<dd>
<p>A Hash that contains algorithm specific control operations to OpenSSL. See OpenSSL’s man page EVP_PKEY_CTX_ctrl_str(3) for details.</p>
</dd></dl>

<p>Example:</p>

<pre class="ruby"><span class="ruby-identifier">data</span> = <span class="ruby-string">&quot;Sign me!&quot;</span>
<span class="ruby-identifier">hash</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">digest</span>(<span class="ruby-string">&quot;SHA256&quot;</span>, <span class="ruby-identifier">data</span>)
<span class="ruby-identifier">pkey</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-string">&quot;RSA&quot;</span>, <span class="ruby-value">rsa_keygen_bits:</span> <span class="ruby-value">2048</span>)
<span class="ruby-identifier">signopts</span> = { <span class="ruby-value">rsa_padding_mode:</span> <span class="ruby-string">&quot;pss&quot;</span> }
<span class="ruby-identifier">signature</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">sign_raw</span>(<span class="ruby-string">&quot;SHA256&quot;</span>, <span class="ruby-identifier">hash</span>, <span class="ruby-identifier">signopts</span>)

<span class="ruby-comment"># Creates a copy of the RSA key pkey, but without the private components</span>
<span class="ruby-identifier">pub_key</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">public_key</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">pub_key</span>.<span class="ruby-identifier">verify_raw</span>(<span class="ruby-string">&quot;SHA256&quot;</span>, <span class="ruby-identifier">signature</span>, <span class="ruby-identifier">hash</span>, <span class="ruby-identifier">signopts</span>) <span class="ruby-comment"># =&gt; true</span>
</pre>

                              <div class="method-source-code" id="sign_raw-source">
            <pre>static VALUE
ossl_pkey_sign_raw(int argc, VALUE *argv, VALUE self)
{
    EVP_PKEY *pkey;
    VALUE digest, data, options, sig;
    const EVP_MD *md = NULL;
    EVP_PKEY_CTX *ctx;
    size_t outlen;
    int state;

    GetPKey(self, pkey);
    rb_scan_args(argc, argv, &quot;21&quot;, &amp;digest, &amp;data, &amp;options);
    if (!NIL_P(digest))
        md = ossl_evp_get_digestbyname(digest);
    StringValue(data);

    ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
    if (!ctx)
        ossl_raise(ePKeyError, &quot;EVP_PKEY_CTX_new&quot;);
    if (EVP_PKEY_sign_init(ctx) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_sign_init&quot;);
    }
    if (md &amp;&amp; EVP_PKEY_CTX_set_signature_md(ctx, md) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_CTX_set_signature_md&quot;);
    }
    if (!NIL_P(options)) {
        pkey_ctx_apply_options(ctx, options, &amp;state);
        if (state) {
            EVP_PKEY_CTX_free(ctx);
            rb_jump_tag(state);
        }
    }
    if (EVP_PKEY_sign(ctx, NULL, &amp;outlen, (unsigned char *)RSTRING_PTR(data),
                      RSTRING_LEN(data)) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_sign&quot;);
    }
    if (outlen &gt; LONG_MAX) {
        EVP_PKEY_CTX_free(ctx);
        rb_raise(ePKeyError, &quot;signature would be too large&quot;);
    }
    sig = ossl_str_new(NULL, (long)outlen, &amp;state);
    if (state) {
        EVP_PKEY_CTX_free(ctx);
        rb_jump_tag(state);
    }
    if (EVP_PKEY_sign(ctx, (unsigned char *)RSTRING_PTR(sig), &amp;outlen,
                      (unsigned char *)RSTRING_PTR(data),
                      RSTRING_LEN(data)) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_sign&quot;);
    }
    EVP_PKEY_CTX_free(ctx);
    rb_str_set_len(sig, outlen);
    return sig;
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-to_text" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          to_text &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Dumps key parameters, public key, and private key components contained in the key into a human-readable text.</p>

<p>This is intended for debugging purpose.</p>

<p>See also the man page EVP_PKEY_print_private(3).</p>

                              <div class="method-source-code" id="to_text-source">
            <pre>static VALUE
ossl_pkey_to_text(VALUE self)
{
    EVP_PKEY *pkey;
    BIO *bio;

    GetPKey(self, pkey);
    if (!(bio = BIO_new(BIO_s_mem())))
        ossl_raise(ePKeyError, &quot;BIO_new&quot;);

    if (EVP_PKEY_print_private(bio, pkey, 0, NULL) == 1)
        goto out;
    OSSL_BIO_reset(bio);
    if (EVP_PKEY_print_public(bio, pkey, 0, NULL) == 1)
        goto out;
    OSSL_BIO_reset(bio);
    if (EVP_PKEY_print_params(bio, pkey, 0, NULL) == 1)
        goto out;

    BIO_free(bio);
    ossl_raise(ePKeyError, &quot;EVP_PKEY_print_params&quot;);

  out:
    return ossl_membio2str(bio);
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-verify" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          verify(digest, signature, data [, options]) &rarr; true or false
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Verifies the <code>signature</code> for the <code>data</code> using a message digest algorithm <code>digest</code> and a public key <code>pkey</code>.</p>

<p>Returns <code>true</code> if the signature is successfully verified, <code>false</code> otherwise. The caller must check the return value.</p>

<p>See <a href="PKey.html#method-i-sign"><code>sign</code></a> for the signing operation and an example.</p>

<p>See also the man page EVP_DigestVerify(3).</p>
<dl class="rdoc-list note-list"><dt><code>digest</code>
<dd>
<p>See <a href="PKey.html#method-i-sign"><code>sign</code></a>.</p>
</dd><dt><code>signature</code>
<dd>
<p>A String containing the signature to be verified.</p>
</dd><dt><code>data</code>
<dd>
<p>See <a href="PKey.html#method-i-sign"><code>sign</code></a>.</p>
</dd><dt><code>options</code>
<dd>
<p>See <a href="PKey.html#method-i-sign"><code>sign</code></a>. <code>options</code> parameter was added in version 3.0.</p>
</dd></dl>

                              <div class="method-source-code" id="verify-source">
            <pre>static VALUE
ossl_pkey_verify(int argc, VALUE *argv, VALUE self)
{
    EVP_PKEY *pkey;
    VALUE digest, sig, data, options;
    const EVP_MD *md = NULL;
    EVP_MD_CTX *ctx;
    EVP_PKEY_CTX *pctx;
    int state, ret;

    GetPKey(self, pkey);
    rb_scan_args(argc, argv, &quot;31&quot;, &amp;digest, &amp;sig, &amp;data, &amp;options);
    ossl_pkey_check_public_key(pkey);
    if (!NIL_P(digest))
        md = ossl_evp_get_digestbyname(digest);
    StringValue(sig);
    StringValue(data);

    ctx = EVP_MD_CTX_new();
    if (!ctx)
        ossl_raise(ePKeyError, &quot;EVP_MD_CTX_new&quot;);
    if (EVP_DigestVerifyInit(ctx, &amp;pctx, md, /* engine */NULL, pkey) &lt; 1) {
        EVP_MD_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_DigestVerifyInit&quot;);
    }
    if (!NIL_P(options)) {
        pkey_ctx_apply_options(pctx, options, &amp;state);
        if (state) {
            EVP_MD_CTX_free(ctx);
            rb_jump_tag(state);
        }
    }
#if OSSL_OPENSSL_PREREQ(1, 1, 1) || OSSL_LIBRESSL_PREREQ(3, 4, 0)
    ret = EVP_DigestVerify(ctx, (unsigned char *)RSTRING_PTR(sig),
                           RSTRING_LEN(sig), (unsigned char *)RSTRING_PTR(data),
                           RSTRING_LEN(data));
    EVP_MD_CTX_free(ctx);
    if (ret &lt; 0)
        ossl_raise(ePKeyError, &quot;EVP_DigestVerify&quot;);
#else
    if (EVP_DigestVerifyUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)) &lt; 1) {
        EVP_MD_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_DigestVerifyUpdate&quot;);
    }
    ret = EVP_DigestVerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig),
                                RSTRING_LEN(sig));
    EVP_MD_CTX_free(ctx);
    if (ret &lt; 0)
        ossl_raise(ePKeyError, &quot;EVP_DigestVerifyFinal&quot;);
#endif
    if (ret)
        return Qtrue;
    else {
        ossl_clear_error();
        return Qfalse;
    }
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-verify_raw" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          verify_raw(digest, signature, data [, options]) &rarr; true or false
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Verifies the <code>signature</code> for the <code>data</code> using a public key <code>pkey</code>. Unlike <a href="PKey.html#method-i-verify"><code>verify</code></a>, this method will not hash <code>data</code> with <code>digest</code> automatically.</p>

<p>Returns <code>true</code> if the signature is successfully verified, <code>false</code> otherwise. The caller must check the return value.</p>

<p>See <a href="PKey.html#method-i-sign_raw"><code>sign_raw</code></a> for the signing operation and an example code.</p>

<p>Added in version 3.0. See also the man page EVP_PKEY_verify(3).</p>
<dl class="rdoc-list note-list"><dt><code>signature</code>
<dd>
<p>A String containing the signature to be verified.</p>
</dd></dl>

                              <div class="method-source-code" id="verify_raw-source">
            <pre>static VALUE
ossl_pkey_verify_raw(int argc, VALUE *argv, VALUE self)
{
    EVP_PKEY *pkey;
    VALUE digest, sig, data, options;
    const EVP_MD *md = NULL;
    EVP_PKEY_CTX *ctx;
    int state, ret;

    GetPKey(self, pkey);
    rb_scan_args(argc, argv, &quot;31&quot;, &amp;digest, &amp;sig, &amp;data, &amp;options);
    ossl_pkey_check_public_key(pkey);
    if (!NIL_P(digest))
        md = ossl_evp_get_digestbyname(digest);
    StringValue(sig);
    StringValue(data);

    ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
    if (!ctx)
        ossl_raise(ePKeyError, &quot;EVP_PKEY_CTX_new&quot;);
    if (EVP_PKEY_verify_init(ctx) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_verify_init&quot;);
    }
    if (md &amp;&amp; EVP_PKEY_CTX_set_signature_md(ctx, md) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_CTX_set_signature_md&quot;);
    }
    if (!NIL_P(options)) {
        pkey_ctx_apply_options(ctx, options, &amp;state);
        if (state) {
            EVP_PKEY_CTX_free(ctx);
            rb_jump_tag(state);
        }
    }
    ret = EVP_PKEY_verify(ctx, (unsigned char *)RSTRING_PTR(sig),
                          RSTRING_LEN(sig),
                          (unsigned char *)RSTRING_PTR(data),
                          RSTRING_LEN(data));
    EVP_PKEY_CTX_free(ctx);
    if (ret &lt; 0)
        ossl_raise(ePKeyError, &quot;EVP_PKEY_verify&quot;);

    if (ret)
        return Qtrue;
    else {
        ossl_clear_error();
        return Qfalse;
    }
}</pre>
                              </div>
                            </div>


                          </div>

                  <div id="method-i-verify_recover" class="method-detail ">
                      <div class="method-heading">
                        <span class="method-callseq">
                          verify_recover(digest, signature [, options]) &rarr; string
                              </span>
                              <span class="method-click-advice">click to toggle source</span>
                            </div>

                            <div class="method-description">
                              <p>Recovers the signed data from <code>signature</code> using a public key <code>pkey</code>. Not all signature algorithms support this operation.</p>

<p>Added in version 3.0. See also the man page EVP_PKEY_verify_recover(3).</p>
<dl class="rdoc-list note-list"><dt><code>signature</code>
<dd>
<p>A String containing the signature to be verified.</p>
</dd></dl>

                              <div class="method-source-code" id="verify_recover-source">
            <pre>static VALUE
ossl_pkey_verify_recover(int argc, VALUE *argv, VALUE self)
{
    EVP_PKEY *pkey;
    VALUE digest, sig, options, out;
    const EVP_MD *md = NULL;
    EVP_PKEY_CTX *ctx;
    int state;
    size_t outlen;

    GetPKey(self, pkey);
    rb_scan_args(argc, argv, &quot;21&quot;, &amp;digest, &amp;sig, &amp;options);
    ossl_pkey_check_public_key(pkey);
    if (!NIL_P(digest))
        md = ossl_evp_get_digestbyname(digest);
    StringValue(sig);

    ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
    if (!ctx)
        ossl_raise(ePKeyError, &quot;EVP_PKEY_CTX_new&quot;);
    if (EVP_PKEY_verify_recover_init(ctx) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_verify_recover_init&quot;);
    }
    if (md &amp;&amp; EVP_PKEY_CTX_set_signature_md(ctx, md) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_CTX_set_signature_md&quot;);
    }
    if (!NIL_P(options)) {
        pkey_ctx_apply_options(ctx, options, &amp;state);
        if (state) {
            EVP_PKEY_CTX_free(ctx);
            rb_jump_tag(state);
        }
    }
    if (EVP_PKEY_verify_recover(ctx, NULL, &amp;outlen,
                                (unsigned char *)RSTRING_PTR(sig),
                                RSTRING_LEN(sig)) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_verify_recover&quot;);
    }
    out = ossl_str_new(NULL, (long)outlen, &amp;state);
    if (state) {
        EVP_PKEY_CTX_free(ctx);
        rb_jump_tag(state);
    }
    if (EVP_PKEY_verify_recover(ctx, (unsigned char *)RSTRING_PTR(out), &amp;outlen,
                                (unsigned char *)RSTRING_PTR(sig),
                                RSTRING_LEN(sig)) &lt;= 0) {
        EVP_PKEY_CTX_free(ctx);
        ossl_raise(ePKeyError, &quot;EVP_PKEY_verify_recover&quot;);
    }
    EVP_PKEY_CTX_free(ctx);
    rb_str_set_len(out, outlen);
    return out;
}</pre>
                              </div>
                            </div>


                          </div>

                          </section>

              </section>
              </main>



            </div>  <!--  class='wrapper hdiv' -->


<footer id="validator-badges" role="contentinfo">
<p><a href="https://validator.w3.org/check/referer">Validate</a></p>
<p>Generated by <a href="https://ruby.github.io/rdoc/">RDoc</a> 6.4.0.</p>
<p>Based on <a href="https://github.com/ged/darkfish/">Darkfish</a> by <a href="http://deveiate.org">Michael Granger</a>.</p>

  
    <p><p><a href="https://ruby-doc.org">Ruby-doc.org</a> is provided by <a href="https://jamesbritt.com">James Britt</a> and <a href="https://neurogami.com">Neurogami</a>.</p><p><a href="https://jamesbritt.bandcamp.com/">Maximum R+D</a>.  </p>
</p>
  
  </footer>

<script type="text/javascript">


  let ads  = $("#carbonads-container").children().detach();


  function swapMode() {
    var cookieName = 'darkmode';
    var cssDarkmode = Cookies.get(cookieName);
    console.log("***** swapMode! " + cssDarkmode + " *****");


    if (cssDarkmode == "true") {
      console.log("We have dark mode, set the css to light ...");
      $('#rdoccss').attr("href", defaultModeCssHref);
      $('#cssSelect').text("Dark mode");
      cssDarkmode = "false";
      console.log("swapMode! Now set cookie to " + cssDarkmode);
      Cookies.set(cookieName, cssDarkmode);

    } else {
      console.log("We not have dark mode, set the css to dark ...");
      $('#rdoccss').attr("href", darkModeCsseHref);
      $('#cssSelect').text("Light mode");
      cssDarkmode = "true";
      console.log("swapMode! Now set cookie to " + cssDarkmode);
      Cookies.set(cookieName, cssDarkmode);

    }

    console.log("  --------------- ");
  }


const vueCssApp = new Vue({
el: '#menubar',
data: {
isDark: false
},
methods: {
toggleClass: function(event){
this.isDark = !this.isDark;
}
}
})

const vueApp = new Vue({
el: '#vapp',
data: { 
isOpen: true
},

mounted() {
this.handleResize();
this.manage_mob_classes();
window.addEventListener('resize', this.handleResize)
//this.isOpen !=  (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent));
},
destroyed() {
window.removeEventListener('resize', this.handleResize)
},
created() {
//manage_mob_classes();
},

methods : {
isMobile() {
  return (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent));
},

  handleResize() {
    if (!this.isMobile()) {
      this.isOpen = window.innerWidth > 800;
    }
  },

  manage_mob_classes() {
    if (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent)) {
      $("nav").addClass("mob_nav");
      $("main").addClass("mob_main");
      $("#extraz").addClass("mob_extraz");
      $("#carbonads-container").addClass("mob_carbonads-container");
      this.isOpen  = false;
    } else {
      $("nav").removeClass("mob_nav") 
        $("main").removeClass("mob_main");
      $("#extraz").removeClass("mob_extraz");
      $("#carbonads-container").removeClass("mob_carbonads-container");
      this.isOpen  = true;
    }
  },

  toggleNav() {
    this.isOpen =! this.isOpen ;
    // alert("Toggle nav!");
    console.log("toggleNav() click: " + this.isOpen );
  }
}
})

$("#carbonads-container").append(ads);


$(function() {

    var darkmode = Cookies.get("darkmode");
    console.log("Document ready: " + darkmode);

    if ( darkmode  == "true" ) {
      $('#cssSelect').text("Light mode");
    } else {
      $('#cssSelect').text("Dark mode");
     }

    $('body').css('display','block');
    });

</script>

    
  </body> 
</html>

